Korea AI Act

Framework Act on AI Development and Establishment of Trust (Law No. 20676)

First comprehensive AI legislation in Asia-Pacific and second in the world after EU. Regulates "High-Impact AI" in healthcare, energy, nuclear, transport, government, and education sectors. Requires transparency notifications, content labeling for generative AI, and fundamental rights impact assessments. Notable for lower penalties than EU AI Act and absence of prohibited AI practices.

Jurisdiction

South Korea

Enacted

Jan 21, 2025

Effective

Jan 22, 2026

Enforcement

Ministry of Science and ICT

Passed Dec 26, 2024; promulgated Jan 21, 2025

CSET Translation

Why It Matters

First comprehensive AI law in APAC, effective January 22, 2026. Foreign companies above user/revenue thresholds must designate Korean representative. Lower penalty cap than EU (KRW 30M vs billions) but establishes regional precedent. Enforcement Decree published September 2025 with grace period for initial compliance.

Recent Developments

Enforcement Decree draft published September 8, 2025 clarifying standards and procedures. Grace period for fines announced to minimize confusion during initial enforcement. AI Safety Institute being established under MSIT.

At a Glance

Applies to

Foundation ModelGeneral ChatbotHealthcare AIEducational AIGovernment AIAutonomous VehicleInfrastructure AIImage GeneratorVideo Generator

Harms addressed

Discrimination

Requires

Risk Assessment Transparency Human Oversight Incident Reporting

Who Must Comply

AI developers and deployers
Foreign companies above user/revenue thresholds

Obligations fall on:

Safety Provisions

High-Impact AI regulation in critical sectors (healthcare, energy, nuclear, transport, government, education)
Mandatory advance notification to users of high-impact or generative AI
Labeling requirements for AI-generated content (images, text, video)
Fundamental rights impact assessment before deployment
Risk management and human oversight requirements
Foreign company domestic representative requirement above thresholds
AI Safety Institute established under MSIT
No prohibited AI practices (unlike EU AI Act)

Exemptions

National Defense and Security Exemption

AI developed exclusively for national defense or security purposes is exempt from the Act

• AI used exclusively for national defense
• AI used exclusively for security purposes

Compliance & Enforcement

Key Dates

Jan 22, 2026

All provisions take effect after one-year transition period

Penalties

KRW 30M; criminal (up to 3yr)

Criminal liability

Primary Source

CSET Translation

https://cset.georgetown.edu/wp-content/uploads/t0625_south_korea_ai_law_EN.pdf

View on map

South Korea

Focus Areas

Algorithmic accountability

Active safeguards required

Compliance Help

High-impact AI operators must implement: risk management plans, explanation methods for AI outputs, user protection plans, human oversight mechanisms, and documentation of safety measures. Fundamental rights impact assessments required before deploying high-impact AI products/services.

See how NOPE helps

Cite This

APA

South Korea. (2025). Framework Act on AI Development and Establishment of Trust (Law No. 20676).

Related Regulations

In Effect TW

Taiwan AI Act

Comprehensive AI Basic Act (pending) establishes seven guiding principles and risk-based classification. Note: Taiwan already has ENACTED deepfake/election AI provisions via separate laws (Criminal Code 2023, Election Law 2023, Fraud Prevention Act 2024).

In Effect JP

Japan AI Act

Creates "duty to make reasonable efforts" (not strict requirements) to follow AI principles. Establishes AI Strategy Center. Largely non-binding, consistent with Japan's "soft law" tradition.

In Effect RU

FZ No. 169

Establishes experimental legal regimes for digital innovation and AI, broadening liability for damages during testing and creating tracking mechanisms for AI-related incidents.

In Effect KR

South Korea Deepfake Law

South Korea's world-strictest deepfake law: 7 years for creating/distributing, 3 years for possessing/viewing deepfake sexual content. Even viewing is criminal.

Enacted NZ

NZ Biometric Code

Sets specific legal requirements under Privacy Act for collecting and using biometric data such as facial recognition and fingerprint scans. Prohibits particularly intrusive uses including emotion prediction and inferring protected characteristics like ethnicity or sex.

In Effect AU

AU Privacy Amendment 2024

Strengthens Privacy Act requirements for biometric data collection, raising the standard of conduct for collecting biometric information used for automated verification or identification. Cannot collect such information unless individual has consented and it is reasonably necessary.

All regulations Check if this applies to you

Last updated January 22, 2026. Verify against primary sources before relying on this information.